Singel-Minded: Anatomy of a Backlash, or How Facebook Got an ‘F’ for Facial Recognition

ANALYSIS — If you haven’t heard yet, Facebook hiked right into another privacy wetland this week, as it started rolling out its facial recognition technology to users outside of North America.

The backlash, led by Graham Cluley blogging for the security firm Sophos, was fierce — and not altogether focused. European privacy regulators immediately began an inquiry – a bad sign for all since there’s little the E.U. does worse than investigate privacy issues (opt-in for even first party cookies, for example — notwithstanding that the E.U. actually has some decent smart rules about information privacy.)

At issue is a feature that Facebook turns on by default. When one of your friends uploads a photo and goes to “tag” individuals in the photo, Facebook’s facial recognition algorithm makes guesses about the faces in the photos and suggests the right user for the picture. If someone who is not your Facebook friend uploads a picture say from a conference, they will not get the suggestion that it is you (likely in no small part because facial recognition beyond a certain group size is much harder to do.)

It’s a pretty common-sense feature and examined coldly, really not very invasive and perhaps not even that useful. Similar features are baked into Apple’s iPhoto and Google’s Picasa client software. (For my money, the creepiest features of Google and Facebook are Google’s default-on Web History recording and Facebook’s behind-the-scenes ranking of the strength of your friendship with each of your friends.)

But the backlash is really about two things: 1) the fateful combination of the words “Facial Recognition” and “Facebook” and 2) Facebook’s tone-deaf handling of the feature.

As Cluley points out, Facebook is automatically opting users into the feature without notification. And if you go deep into your privacy settings in Facebook, you can turn off the feature — but only once it is installed. That’s a dumb choice. Facebook already has a way for you to opt out of being used in third-party ads on sites not on Facebook – even though it’s a feature it has not rolled out yet. (Go to Account -> Account Setting -> Facebook Ads -> Ads shown by third parties).

There are any number of ways Facebook could have introduced this better – while still choosing to opt all its users in – but somehow the message still hasn’t gotten through to Facebook — even though many people love the site, it’s also for many a very creepy site.

That’s not about any one feature or even about how a feature works. It’s an irrational response to a bigger rational concern, something tech guru Tim O’Reilly sort-of gets as he advises that people should just get over the “hysteria.”

Facebook has largely cornered the market on identity and it’s constantly redefining how we present ourselves in the public sphere and imposing a cost for choosing not to embrace Facebook’s new vision of digital personhood.

So of course, many are going to react very badly to the combination of the words “Facial Recognition” and “Facebook,” and in fact, it might not be irrational. Facebook has a long history of pushing privacy boundaries further and further — so it’s not unrealistic to expect that this feature will, in the future, change to a default beyond just your friends.

And those defaults matter a lot — just ask Google about Buzz and e-mail contacts — or read the Facebook-Facial recognition news this week.